The bgplgsh program is a looking glass shell
for the bgpd(8) Border Gateway
Protocol daemon. The looking glass will provide a simple command line
interface with read-only access to a restricted set of
bgpd(8) and system status
information, which is typically used on route servers by Internet Service
Providers (ISPs) and Internet eXchange points (IXs).

It requires three steps to enable the looking glass shell:

Add bgplgsh as a valid login shell. See
shells(5) for more
information.

# echo /usr/bin/bgplgsh >> /etc/shells

Create a new user for restricted looking glass access. See
adduser(8) for more
information about system user management.

# adduser -shell /usr/bin/bgplgsh -batch bgplg
# passwd bgplg

Start the Border Gateway Protocol daemon with a second, restricted,
control socket. See
bgpd.conf(5) and
bgplg(8) for more
information.

For example, add the following to
/etc/bgpd.conf to have
bgpd(8) open a second,
restricted, control socket:

To prevent commands from running endlessly,
bgplgsh will kill the corresponding
processes after a hard limit of 60 seconds. For example, this can take effect
when using traceroute(8)
with blackholed or bad routes.